Re: allow users to run application
From: Jimmy Andersson [MVP] (jimmy_NO_SPAM__at_mvps.org)
Date: 02/21/05
- Next message: Jimmy Andersson [MVP]: "Re: How do I add/edit a registry key using group policy?"
- Previous message: Jimmy Andersson [MVP]: "Re: How do I add/edit a registry key using group policy?"
- In reply to: Steven L Umbach: "Re: allow users to run application"
- Next in thread: Bruce Sanderson: "Re: allow users to run application"
- Messages sorted by: [ date ] [ thread ]
Date: Mon, 21 Feb 2005 13:25:16 +0100
In additions to Andrew's and Steven's great answers, you can also use the
Application Compatibility Toolkit to find out what the application tries to
do.
http://www.microsoft.com/windows/appcompatibility/default.mspx
Regards,
/Jimmy
-- Jimmy Andersson, Q Advice AB Microsoft MVP - Directory Services ---------- www.qadvice.com ---------- "Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message news:ewtqQXrFFHA.3492@TK2MSFTNGP12.phx.gbl... > Andrew gives great advice on tracking down permissions problems. Usually > you will find users denied access to the application folder in program > files, the application subfolder in program files\common files, the > application subfolder folder in the all users profiles\application data > folder, or the HKLM\software folder for the application. It is not always > possible to solve the problem with permission changes. If the user can run > the application as a power user then it should be able to be solved with > modifying permissions. > > If all that fails and since the clients are XP Pro you can use Software > Restriction Policies to restrict what application a domain user runs and > installs on their domain computer. This also can apply to local > administrators via the enforcement rule [except for safe mode]. Of course > a local administrator could always unjoin a computer from the domain to > avoid any domain policy assuming they know that they are an administrator, > that they know how, and would take the risk based on consequences in your > user computer use policy. The link below explains SRP more. You will > probably find that using hash and path rules will do what you want and > check all the files that are considered applications for SRP as admins > usually get tripped up not realizing that shortcuts are considered > applications by default. --- Steve > > http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/rstrplcy.mspx - > -- SRP. > > "Paul" <Paul@discussions.microsoft.com> wrote in message > news:FE93CB2D-A852-4991-AE45-41C36E1A9EE6@microsoft.com... >>I have a bunch of application that needs admin rights to run. They will be >> installed locally to the user PC is their away I can create a policy to >> allow >> the domain user to run these programs without giving them admin rights to >> the >> PC? >> >> It would be great to have a domain wide policy but we could do local >> policy >> if need be. I realy don't want to have them do a run as. >> >> It is a xp on 2003 enviroment. >> >> Thank you for any help. > >
- Next message: Jimmy Andersson [MVP]: "Re: How do I add/edit a registry key using group policy?"
- Previous message: Jimmy Andersson [MVP]: "Re: How do I add/edit a registry key using group policy?"
- In reply to: Steven L Umbach: "Re: allow users to run application"
- Next in thread: Bruce Sanderson: "Re: allow users to run application"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
